Техническая информация
- '<Текущая директория>\їЄХЅєП»чL1_WCA.exe'
- '<SYSTEM32>\netsh.exe' advfirewall set allprofiles state off
- '<SYSTEM32>\cmd.exe' /c netsh advfirewall set allprofiles state off
- <Текущая директория>\їЄХЅєП»чL1_WCA.exe
- <SYSTEM32>\DEEC68AE-EB14-46d4-9813-B1F689AAB981
- %TEMP%\DEEC68AE-EB14-46d4-9813-B1F689AAB981
- <Текущая директория>\їЄХЅєП»чL1_WCA.exe
- <SYSTEM32>\DEEC68AE-EB14-46d4-9813-B1F689AAB981
- %TEMP%\DEEC68AE-EB14-46d4-9813-B1F689AAB981
- 'li###.tzzzky.com':80
- 'li###.pk9g.com':80
- 'li###.fpmen.com':80
- 'li###.xiang99.cn':80
- http://li###.tzzzky.com/UserId/LLLL8B0EB0467E695D3E1F.txt
- http://li###.pk9g.com/UserId/LLLL8B0EB0467E695D3E1F.txt
- http://li###.xiang99.cn/UserId/LLLL8B0EB0467E695D3E1F.txt
- http://li###.fpmen.com/UserUpdata/LLLL8B0EB0467E695D3E1F/��ս�ϻ�L1.exe.txt
- http://li###.fpmen.com/UserId/LLLL8B0EB0467E695D3E1F.txt
- DNS ASK li###.tzzzky.com
- DNS ASK li###.pk9g.com
- DNS ASK li###.fpmen.com
- DNS ASK li###.xiang99.cn